[38888] in Kerberos
GSSAPI sequence numbers
daemon@ATHENA.MIT.EDU (Jake Scott)
Fri Mar 26 16:33:38 2021
From: Jake Scott <jake@poptart.org>
Date: Fri, 26 Mar 2021 15:26:30 -0400
Message-ID: <CAExmWciwk3F2nWpa+yhkZoPCKQ5_Hd1603-FNhZ6KerEeSofhw@mail.gmail.com>
To: kerberos@mit.edu

Hi..

I am writing a native Golang implementation of GSSAPI, first for krb5 -
using Jonathan Turner's library (https://github.com/jcmturner/gokrb5).

I took the naive approach of handling the initial sequence numbers by
simply casting the uint32 value from the authenticator and AP-REP encpart
to uint64. However that causes compatibility issues with the MIT
implementation that appears to cast first to a signed int32 and then to the
GSSAPI uint64.

Looking at the Heimdal and Java code, it appears that my naive approach is
in use there unless I'm missing something glaringly obvious, and I can't
find mention in the RFC about any different encoding.

Could someone explain what the correct method is? If I'm missing a pointer
in a doc somewhere please let me know. Is MIT 'correct' technically or
maybe just by convention?

My current implementation is here:
https://github.com/jake-scott/go-gssapi/tree/v0

.. and the 'workaround' to make sequence numbers compatible with MIT:

    // stash the sequence number for use in GSS Wrap
    var seqTmp int32 = int32(auth.SeqNumber)
    m.ourSequenceNumber = uint64(seqTmp)

Any info gratefully received..

Many thanks
Jake

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
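
The two widenings described in the message, as an added example that is not part of the original post or of go-gssapi. The function names are hypothetical, the sample values are constructed, and the 8-byte big-endian SND_SEQ layout is assumed from RFC 4121 per-message tokens. It shows that the conversions only diverge once bit 31 of the initial sequence number is set.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// zeroExtend widens the 32-bit initial sequence number directly to 64 bits
// (the "naive" conversion described in the post).
func zeroExtend(seq uint32) uint64 { return uint64(seq) }

// signExtend reinterprets the value as int32 first, so bit 31 is copied into
// the upper 32 bits (the conversion the post uses as its MIT workaround).
func signExtend(seq uint32) uint64 { return uint64(int32(seq)) }

// sndSeqField returns the 8-byte big-endian SND_SEQ field that an RFC 4121
// per-message token would carry for a given 64-bit sequence number (assumed layout).
func sndSeqField(seq uint64) [8]byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], seq)
	return b
}

// conversionsAgree reports whether two peers, one using each widening,
// would derive the same 64-bit starting sequence number.
func conversionsAgree(seq uint32) bool { return zeroExtend(seq) == signExtend(seq) }

func main() {
	// Constructed sample values on both sides of the 2^31 boundary.
	for _, seq := range []uint32{0, 0x7fffffff, 0x80000000, 0xdeadbeef, 0xffffffff} {
		z := sndSeqField(zeroExtend(seq))
		s := sndSeqField(signExtend(seq))
		fmt.Printf("seq=%#010x zero-ext=%x sign-ext=%x agree=%v\n",
			seq, z, s, conversionsAgree(seq))
	}
}
```

Because roughly half of all randomly chosen 32-bit initial sequence numbers have bit 31 set, a mismatch between the two widenings shows up as an intermittent interoperability failure, not a consistent one.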